Visitor Monitoring Tracking the Trackers | Keynote

Tracking the Trackers

A look at Web tracking, how it can unknowingly impact your site

Monetizing a Site While Respecting User Privacy

Website privacy is center stage again, as privacy incursions by major sites and apps have returned to the headlines and government scrutiny is sharpening, regulatory proposals in the European Union. Consumers are becoming more and more aware and concerned about being followed online and having their data bought, sold and warehoused in various corners of the Internet, in a personal data ecosystem commonly described as the “Wild West.”

But this Wild West has cookies. It’s an oddly sweet and innocent-sounding name for these bits of data that get dropped into a Web user’s browser and then enable the collection of all kinds of data that is used to target the user for advertising and customize their content and site experience. For many users, tracking infringes on their privacy. Some fear that it’s a small step from greasing the wheels of Internet commerce to collecting sensitive data and assembling profiles that end up being personally identifiable.

Website owners have a lot at stake in the privacy issue. Their businesses — whether it’s attracting readers, selling products, or promoting their brands — depend on the trust of their site visitors. Building that trust is a long and expensive process. And despite best intentions, in the Wild West of online advertising that powers so much of the Internet, perfectly legitimate and well-meaning sites can fall victim to unintentional privacy breeches that quickly sack their hard-won reputation.

The online trust deficit

“You don’t want to be surprised that a site you’ve never visited seems know an awful lot about your buying habits,” writes best-selling author and new economy evangelist Seth Godin on his blog. “As computers get ever better at triangulating our interests and our actions, prepare to be surprised more often. It’s not clear to me whether the never-ending series of little snooping surprises will eventually wear us out and we’ll give up caring, or whether one day we’ll sit up and demand that the surprises stop. 1Seth Godin’s Blog, “The illusion of privacy (and what we actually care about),” 2/17/12,

Surveys confirm just how suspicious consumers have become about the Web in general. A full 90% worry to some degree about their privacy online, according to a Harris Interactive poll for TRUSTe. And 41% don’t trust most companies with their personal information online. 2Harris Interactive/TRUSTe, Inc., “TRUSTe Privacy Index, Q1 2012 Consumer Confidence Edition In a survey by the advertising firm McCann Erickson, consumers worldwide ranked erosion of personal privacy as their number two concern — ahead of terrorism and climate change — though Web and email tracking specifically were ranked lower, just ahead of airport body-scanning. 3Advertising Age Digital, “How Do You Brand Consumer Privacy?” by Kanur Patel, 2/13/12

Who do consumers hold responsible for their privacy? Website owners. Fully 95% of U.S. adults say businesses have a responsibility to protect their privacy online, and 88% shun businesses that they don’t believe protect their privacy. 4Adweek online, “More Ad Networks Get Good Privacy Report Card,” by Katy Bachman, 2/14/12

Privacy? There’s a score for that.

Unfortunately for consumers, there’s no easy way to control how they’re tracked online. “Do not track” requests through browsers are just that — requests — and it’s up to websites and ad networks to honor them. Firmer opt-outs require visiting scores of sites and drilling down to opt-out functionality that’s often intentionally obscured. Out of the hundreds of ad networks, just 60 are on board with the Network Advertising Initiative’s online privacy code, whereby they agree not to collect personally identifiable information for behavioral targeted advertising, 5Adweek online, “More Ad Networks Get Good Privacy Report Card,” by Katy Bachman, 2/14/12 though they don’t seem as strict about anonymous data collection.

A growing number of users are employing browser add-ons like Ghostery, Adblock Plus, TrackerBlock and Abine DNT+ to block themselves from being tracked. (See the Benchmark interview with Abine co-founder Rob Shavell.) It’s a sophisticated user, however, who seeks out, installs and uses this kind of technology; even with adoption rates of these tools projected in the tens of millions, the vast majority of average Internet users still go without this kind of protection.

A new scoring system, Privacyscore, created by, aims to give that majority of average consumers visibility into the privacy practices of the sites they visit, and to give site owners the means to boost their privacy cred. Scores range from zero to 100. Categorically, travel sites have an average score of 80; reference sites, 77 (with Wikipedia earning a perfect 100); news sites, 66; and shopping sites, 65.

A browser add-on displays a site’s privacy score, and visitors can go to the Privacyscore website to look up individual website scores.

The score looks at the published privacy policies of the sites and any trackers that are found on the site; 50 points account for personal(identifiable) data, and 50 points for anonymous data, that is, trackers. As yet, privacyscore is one of the few tools consumers have to gain visibility into who’s following them online, and how safe their data is or isn’t.

Uninvited guests prompt calls to the privacy police.

Even if a website wants to do the right thing to protect user privacy — carefully constructing a privacy policy with real protections in it, enforcing it internally, and working only with external partners that agree to abide by the same policies — the very act of allowing third parties (read:advertisers) on the site can undermine all their best intentions. The online ad ecosystem is so vast and so tangled that uninvited guests can and often do slip in the door.

Even the most prominent websites can be unknowing accomplices in privacy breeches. The Wall Street Journal— the very publication that broke the “Google-gate” story — was itself found to have ads placed on its site that circumvented users’ privacy controls. “We were unaware this was happening on,” a Journal spokesperson said, “And are looking into it further. 6The Wall Street Journal, “Google’s iPhone Tracking,” by Julia Angwin and Jennifer Valentino-Devries, 2/17/12

Incidents like this point out just how difficult it is to keep track of advertising placed on a site by outside networks.

“There’s often advertising space scattered all over every page on a website,” says Keynote Director of Privacy Services Ray Everett. “And each little block of space may be pulling up advertisements from any number of ad networks that the content owners have signed up for and have business relationships with. There are literally hundreds of advertising networks. And in fact, the network serving up an ad may be several rungs down the ladder from the network the site owners contracted with to put ad space into the market.

“So a visitor might get served an ad from a network that doesn’t honor do not track requests or some other part of the site owner’s privacy policy. At that point, there’s a discrepancy between the policy of the website and the practice being engaged in.”

It’s a complicated spider web of advertising networks shuffling ads around trying to find available inventory on websites to place them. But the website owner where the ad is displayed is ultimately responsible for user privacy. If an ad slips in that violates the site’s stated policy — if it places tracking cookies, or captures sensitive data, or collects data onto its servers and doesn’t delete it, or any number of things the website policy says it won’t do — the Federal Trade Commission can cite and fine the website.

Legal issues aside, a few prominent headlines or a flurry of buzz on Twitter or Facebook about a site’s privacy missteps can cost dearly in terms of brand reputation, traffic, and ultimately, the very monetization they were achieving through selling ad space in the first place.

A lot of money is at stake. Online display advertising revenues are expected to soar 36 percent in 2012, to $34.4 billion. 7USA TODAY, Consumers turn to do-not-track software to maintain privacy,” by Byron Acohido, citing projections by Zenith Optimedia, 12/29/11 But even with that much money on the table, advertisers are hesitant to go down the online behavioral advertising (OBA) path. A survey of nearly 100 large consumer advertisers finds that, though they recognize a tremendous effectiveness advantage for behaviorally targeted advertising, they allocate just two percent of their marketing and advertising budgets for OBA. The overwhelming reason they cite for their reluctance to increase that spend is privacy. 8Ponemon Institute research report, “Economic impact of privacy on online behavioral advertising, Benchmark study of Internet marketers and advertisers,“ 4/30/10

Similarly, site owners are understandably cautious about tracking users despite the far greater revenue potential of behaviorally targeted advertising. But the tracking happens, oftentimes without the site owner’s knowledge or consent.

New tech to track the trackers.

Those same cookies that third parties plant to follow users can also be used to uncover who those third parties are and what they’re attempting to do. It’s not a task for the faint of heart, though; with hundreds of ad networks and dozens of ads scattered through a given site that change hour-by-hour or even minute-by-minute, it’s a herculean task to keep tabs on them all. It takes a technology solution.

Keynote Systems recognized the problem and also recognized the potential solution in its sophisticated Web performance monitoring technology. Leveraging its extensive monitoring infrastructure and incorporating extensive data on ad networks, Keynote has developed a service that can continuously examine all of the third-party content on a site, trace it back to its source, and report on any that are known to violate the site’s privacy policy.

“What we’re doing really answers four questions,” say Product Manager Ian Withrow. “It tells you who is showing up on your site that does not comply with your privacy policy. It tells you how often they’re showing up, where on your site it’s happening, and perhaps most importantly, it’s telling you how they got there.”

Armed with this data, site owners can hold accountable the third parties they actually did invite to their site and agree on a strategy for keeping out the undesirable elements. Or they can choose to work with different partners altogether.

(Keynote’s service is currently in beta trials.)

Follow the users, follow the money.

It’s possible to turn privacy into an asset and opportunity. If a website has full visibility into everything that’s happening on the site, they can then control what’s happening. They can ensure their privacy policies have real meaning and that they work. Then they can leverage privacy to build reputation, to build consumer confidence in their brand, to attract advertisers that also respect privacy, and ultimately, increase revenue.

“When you have third-party visibility, you might actually invite more people to the party,” Withrow says. “You can make sure they’re not bringing along the sketchy people you don’t want to show up.”

“If you have the right tools, you can effectively increase your monetization,” Withrow concludes, “Because you have control and insight into who you’re ultimately doing business with. So you can more aggressively leverage behavioral targeting because you have a way to react and, on good faith, deal with any problems that come up.”

The state of privacy and tracking may smack of the Wild West. But site owners have the power — and the responsibility —to put on their white hats and be the sheriffs that protect their end of town, making it a safe place to visit and do business.

Back to Top